Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.exe

  • Size

    6.9MB

  • MD5

    495a0996b17a028b94974735e93dc658

  • SHA1

    0c3919104b26e9f9a2a1e67936b4a403ce9a9fd1

  • SHA256

    45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878

  • SHA512

    b59c525483037ffbc1b73d5f0f78b72dc4657c463c14228a46a148361da183ed45f22aa2c4cdcf71433fa4ab3ca6cb41b187d628e9d933b4d3ab4cbff2c835fa

  • SSDEEP

    196608:nSnj/mmV+GsH+bNueuJRAZVAOk5Vvz+tqE9AmEkzj:nSjumV+jHUodIjk5VzfE9Awzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.exe
    "C:\Users\Admin\AppData\Local\Temp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Users\Admin\AppData\Local\Temp\is-1E8V2.tmp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1E8V2.tmp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.tmp" /SL5="$B01FC,6998999,54272,C:\Users\Admin\AppData\Local\Temp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4628
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:2224
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:3496
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:3104
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3204
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 10
            4⤵
              PID:5016

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        429KB

        MD5

        1f511f868a2cbc04da1d8a566bf26ef2

        SHA1

        fd99e847866afdd236ae0d3031f7f6d967d5f5c8

        SHA256

        0998487f4802daf67ab16a462c943be52b8dc9216e13d87d0c61325ec3d66c0a

        SHA512

        df5cf7950196e5d01a62b2c5d653c9ca036bfb3ccac496e91b18bb26debb1e8d259270dd2265dc775b81aee22babf289e122696e7e6474a33f49707c05b3150e

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        947KB

        MD5

        689557ebfe36cb246946df6f390de7db

        SHA1

        8b16bb7c6f7d518b28e7ec712d2f5dcf40172306

        SHA256

        8dfa9f0f4db320d380a1482e21cf981171ce881fb8ca7c48c9b3dc8a8261bf4f

        SHA512

        0971e9acc73ccaa16f3305691a8b2ddde5c6baca26c4c91e84add26053e81a9bf46287ad299d9eca44c442c116e9932718bbe189d9e3a8182a2af32f1f2133e9

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        119KB

        MD5

        85555f8f28f8ee5c58a96c0a84f07cef

        SHA1

        1ba5b96400da96c093c0ab6eac45c57546f57af9

        SHA256

        0ade9e0462b82552788f5a0e529fa8edef44a7cb0445d5cc998cfec4d8d2fc6a

        SHA512

        4e646a1b5ab645f2b2acf8d59411bcd63059ab8699e912042de39b1f2ed1a6de026440908e027c3e5ef5e12a8ca21fb5e55cf185801bef25d7d5ee5721f7ec62

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-1E8V2.tmp\45e898ba92aa19612dcfd675c6d5f44c30982beac6a669a80d4f2ce67b84c878.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-U3168.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-U3168.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/1784-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1784-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1784-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3104-159-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-193-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-199-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-206-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-157-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-190-0x0000000000860000-0x0000000000901000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3104-209-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-196-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-162-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-203-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-166-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-167-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-170-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-173-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-176-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-178-0x0000000000860000-0x0000000000901000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3104-180-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-183-0x0000000000860000-0x0000000000901000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3104-186-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3104-189-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3496-152-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3496-154-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3496-155-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3496-151-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4628-163-0x0000000000650000-0x0000000000651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4628-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4628-10-0x0000000000650000-0x0000000000651000-memory.dmp

        Filesize

        4KB

        Download